Hey everyone, I run an image hosting website and I'm designing an API for it. My concern is that I don't want anyone to be able to do something like:
while (true) {
    Upload();
}
and spam/DoS the site.
My current solution is to limit all IP addresses to a certain number of uploads per day/hour. I believe this will work fine for desktop applications that will use the API, but for websites that wish to use it, all the users will have the same IP (the server's).
I suppose the best solution would be to have user accounts that authenticate with the API, and then ban each account if they abuse it. The problem with this is that my site has no user accounts at all; it's all completely anonymous.
What else can be done? I would like to keep things as open as possible, while at the same time having the ability to ban users/IPs who are obviously abusing the service.
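The per-IP hourly/daily limit described in the post, together with the shared-IP problem it raises, as an added example that is not part of the original post. The class and function names, the limits (20 per hour, 100 per day) and the documentation-range IP addresses are assumptions chosen for illustration.

```javascript
// Added example: sliding-window upload limiter keyed by client IP.
// Limits, IPs and names below are assumptions, not taken from the post.
class UploadLimiter {
  constructor({ perHour, perDay }) {
    this.windows = [
      { name: "hour", ms: 3600 * 1000, max: perHour },
      { name: "day", ms: 24 * 3600 * 1000, max: perDay },
    ];
    this.log = new Map();    // ip -> ascending timestamps (ms) of accepted uploads
    this.banned = new Set(); // IPs blocked outright by the operator
  }
  ban(ip) { this.banned.add(ip); }
  // Decide whether one upload from `ip` at time `now` (ms) may proceed.
  check(ip, now) {
    if (this.banned.has(ip)) return { allowed: false, reason: "banned" };
    const longest = Math.max(...this.windows.map((w) => w.ms));
    // Drop timestamps older than the longest window so memory stays bounded.
    const times = (this.log.get(ip) || []).filter((t) => now - t < longest);
    this.log.set(ip, times);
    for (const w of this.windows) {
      const used = times.filter((t) => now - t < w.ms).length;
      if (used >= w.max) return { allowed: false, reason: w.name + " limit" };
    }
    times.push(now); // only accepted uploads count against the quota
    return { allowed: true, reason: "ok" };
  }
}

// Constructed traffic: one desktop client uploading in a tight loop, and one
// website whose server relays a single upload for each of 30 visitors.
function simulate() {
  const limiter = new UploadLimiter({ perHour: 20, perDay: 100 });
  const result = { loopAccepted: 0, siteAccepted: 0, siteRejected: 0 };
  for (let i = 0; i < 1000; i++) {        // 1000 requests, 10 ms apart
    if (limiter.check("198.51.100.7", i * 10).allowed) result.loopAccepted++;
  }
  for (let user = 0; user < 30; user++) { // 30 visitors, one minute apart
    const ok = limiter.check("203.0.113.10", user * 60 * 1000).allowed;
    if (ok) result.siteAccepted++; else result.siteRejected++;
  }
  return result;
}
```

The loop is capped at the hourly quota, but the last ten visitors of the website are rejected even though each uploaded only once, because the limiter sees only the server's address.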